Hacking Wireless Networks (2015)
Part V
Appendixes
Appendix B
Glossary of Acronyms
3DES: Triple Data Encryption Standard
ACK: Acknowledge
ACL: Access Control List
AES: Advanced Encryption Standard
AES-CCMP: AES-Counter Mode CBC-MAC Protocol
AES-WRAP: AES-Wireless Robust Authenticated Protocol
AH: Authentication Header
AP: Access Point
BBWA: Broadband Wireless Access
BER: Bit Error Rate
BSS: Basic Service Set
BSSID: Basic Service Set Identifier
CCK: Complementary Code Keying
CF: Compact Flash
CHAP: Challenge/Handshake Authentication Protocol
CRC: Cyclic Redundancy Check
CSMA/CA: Carrier Sense Multiple Access/Collision Avoidance
CTS: Clear to Send
DB: Decibel
DBm: Decibel per milliwatt
DBPSK: Differential Binary Phase Shifting Key
DCF: Distributed Coordination Function
DDoS: Distributed Denial of Service
DES: Data Encryption Standard
DHCP: Dynamic Host Configuration Protocol
DiGLE: Delphi imaging Geographic Lookup Engine
DMZ: De-Militarized Zone
DoS: Denial of Service
DQPSK: Differential Quadrature Phase Shifting Key
DSSS: Direct Sequence Spread Spectrum
EAP: Extensible Authentication Protocol
EAP-TLS: EAP-Transport Layer Security
EAP-TTLS: EAP-Tunneled Transport Layer Security
EAPOL: EAP Over LANs
ESP: Encapsulating Security Protocol
ESS: Extended Service Set
ESSID: Extended Service Set Identifier
FCC: Federal Communications Commission
FH: Frequency Hopping
FHSS: Frequency Hopping Spread Spectrum
FIN: Finish
GFSK: Gaussian Phase Shifting Key
GHz: Gigahertz
GPS: Global Positioning System
GSM: Global System for Mobile Communications
HR/DSSS: High-Rate Direct-Sequence Spread Spectrum
HTTP: Hypertext Transfer Protocol
IAPP: Inter-Access Point Protocol
IBSS: Independent Basic Service Set
ICAT: Internet Categorization of Attack Toolkit
ICV: Integrity Check Value
IDS: Intrusion Detection System
IEEE: Institute of Electrical and Electronics Engineers
IETF: Internet Engineering Task Force
IKE: Internet Key Exchange
IP: Internet Protocol
IPS: Intrusion Prevention System
IPsec: Internet Protocol Security
ISM: Industrial, Scientific, and Medical
ISO: International Organization for Standardization
IV: Initialization Vector
JiGLE: Java-imaging Geographic Lookup Engine
Kbps: Kilobits per second
KHz: Kilohertz
L2TP: Layer 2 Tunneling Protocol
LAN: Local Area Network
LBT: Listen Before Talking
LDAP: Lightweight Directory Access Protocol
LEAP: Lightweight EAP
LLC: Logical Link Control
LOS: Line of Sight
MAC: Media Access Control
Mbps: Megabits per second
MD5: Message Digest 5
MHz: Megahertz
MIB: Management Information Base
MIC: Message Integrity Check
mW: Milliwatt
MIMO: Multiple-In/Multiple-Out
MITM: Man-in-the-Middle; Monkey-in-the-Middle
NIC: Network Interface Card
OFDM: Orthogonal Frequency Division Multiplexing
PAP: Password Authentication Protocol
PCF: Point Coordination Function
PCMCIA: Personal Computer Memory Card International Association
PDA: Personal Digital Assistant
PEAP: Protected EAP
PED: Personal Electronic Device
PKI: Public-Key Infrastructure
PoE: Power over Ethernet
PPTP: Point-to-Point Tunneling Protocol
PS-Poll: Power Save Poll
PSK: Pre-Shared Key
QAM: Quadrature Amplitude Modulation
RADIUS: Remote Authentication Dial-in User Service
RBAC: Role-Based Access Control
RC4: Ron’s Code 4
RF: Radio Frequency
RF LOS: Radio Frequency Line of Sight
RSA: Rivest-Shamir-Adleman
RSN: Robust Security Networks
RTS: Request to Send
SME: Small-to-Medium Enterprise
SNMP: Simple Network Management Protocol
SNR: Signal-to-Noise Ratio
SOHO: Small Office Home Office
SSH: Secure Shell
SSID: Service Set Identifier
SSL: Secure Sockets Layer
SYN: Synchronize
TCP: Transmission Control Protocol
TCP/IP: Transmission Control Protocol/Internet Protocol
THC: The Hacker’s Choice
TKIP: Temporal Key Integrity Protocol
TLS: Transport Layer Security
UDP: User Datagram Protocol
USB: Universal Serial Bus
VPN: Virtual Private Network
WAP: Wireless Application Protocol
WEP: Wired Equivalent Privacy
Wi-Fi: Wireless Fidelity
WIDS: Wireless Intrusion Detection System
WiGLE: Wireless Geographic Logging Engine
WISP: Wireless Internet Service Provider
WLAN: Wireless Local Area Network
WMM: Wi-Fi Multimedia
WPA: Wi-Fi Protected Access
Index
• Symbols and Numerics •
^M character ending text files, 49
802 work group, 9
802.11 standards
  complexities of, 14
  DoS attacks and, 226–227
  802.11i (WPA2), 10–11, 275–277, 278
  encryption features, 255–257
  frame authentication lacking in, 226
  management-frame attacks exploiting, 209–211
  message integrity protection and, 256–257
  message privacy protection and, 255–256
  network-level attack vulnerabilities, 195–196
  origin of name, 9
  reference guides, 305
  RF jamming and, 229
  security vulnerabilities, 10–11
802.1X authentication, 288–290
40-bit encryption, 256, 258–259
104-bit (128-bit) encryption, 256, 258
10pht’s AntiSniff, 130
• A •
access points. See APs
acronyms, glossary of, 341–346
active traffic injection attacks on WEP, 263–264
ACU client (Cisco), 289
Address Resolution Protocol. See ARP
Advanced Encryption Standard (AES), 278
AEGIS 802.1X client software (Meetinghouse Data), 289
AEGIS RADIUS server (Meetinghouse Data), 289
Aerosol wardriving software, 173
AES (Advanced Encryption Standard), 278
aircrack WEP-key cracking tool, 269–273
AirDefense IDS system, 80
AirDefense Mobile program, 219
Aireplay traffic injection tool, 263
AirJack packet injection tool, 240
Airjack suite MITM software, 209
AirMagnet
  Laptop Analyzer, 219–220
  packet analyzer, 119
  wardriving software, 173
Aironet 340 antenna (Cisco), 94
AiroPeek and AiroPeek NX sniffers
  deauthentication attack viewed in, 247–248
  described, 35, 218
  detecting network anomalies with, 130
  Expert analysis, 189–190
  finding unauthorized equipment with, 188–191
  overview, 114–115
  Peer Map creation with, 188–189
  Security Audit Template.ctf, 189
  as wardriving software, 173
  Web site, 35
AirScanner Mobile Sniffer freeware, 119
Airscanner wardriving software, 173
AirSnare WIDS program, 296
AirSnarf program, 178
AirSnort WEP-key cracking tool, 267–269
AirTraf sniffer, 114
airwaves. See controlling radio signals; determining network bounds; RF jamming
Amap application mapping tool, 103, 105
American Registry for Internet Numbers (ARIN), 35
Anger PPTP cracker, 295
Anritsu spectrum analyzer, 90
antennae
  buying wireless NICs and, 59
  cantennae, yagi-style, or wave guide, 60, 62, 92–93
  choosing, 304
  dipole, 93
  directional versus omnidirectional, 60–61
  DoS attacks and, 252
  further information, 62
  omnidirectional, 13, 60–61, 94
  parabolic grid, 92
  radiation patterns, 91–94
  signal strength adjustment, 94–95
  Web sites, 335
AntiSniff (10pht), 130
Antritsu RF generators, 64
anwrap LEAP-cracking tool, 293
AP overloading
  association and authentication attacks, 234–240
  open authentication phases and, 234–235
  packet-injection tools for, 235–237, 240
  testing for, 235–237
  unintentional, 240–241
AP Scanner wardriving software, 173
application mapping (Linux), 105
APs (access points). See also AP overloading; SSIDs (service-set identifiers); unauthorized equipment
  common client vulnerabilities, 104–105
  default settings, 76–77
  defined, 11
  enumeration of SNMP on, 214–216
  evil twins, 286
  fake (honeypots), 74, 175–176
  rogue APs, 178
  searching the Internet for yours, 34–35, 71
  signal strength adjustment, 94–95
  WEP encryption settings, 258–259
  on Wi-Fi databases, 34–35
APsniff wardriving software, 173
ARIN (American Registry for Internet Numbers), 35
ARP (Address Resolution Protocol)
  ARP-poisoning attacks, 209, 211–213
  Network Scanner for ARP lookups, 100
arping tool, 126
Arpmim MITM software, 209
arpwatch (LBL), 129
The Art of War (Sun Tzu), 155
asleap LEAP-cracking tool, 291–292
attenuators, 94
Auditor Linux, 119
Auditor Security Collection (Knoppix), 236, 274, 297–299
authentication
  association and authentication attacks, 234–240
  Auditor Security Collection for testing, 297–299
  countermeasures, 293–299
  cracking LEAP, 290–293
  deauthentication attacks, 242–250
  defined, 281
  EAP (Extensible Authentication Protocol), 284–288, 297
  802.11 methods, 282–283
  802.1X implementation, 288–290
  frame authentication lacking in 802.11, 226
  MAC (message authentication code), 257
  open-system, 282
  shared-key, 282–284
  states of, 281–282
  VPNs for, 295–296
  WDMZ setup, 297
  WPA for, 293–294
  WPA2 for, 294–295
• B •
bandwidth, limiting, 253
baseline usage, establishing, 251
Basic Service Set (BSS) configuration, 179
Basic SSID (BSSID), 132. See also MAC (media-access control) addresses
beacon packets of unauthorized systems, 182
Beaver, Kevin
  Hacking For Dummies, 2, 14, 19, 33, 56, 78, 107, 111
  Hacking Wireless Networks For Dummies, 1–6
Bluesocket IDS system, 80
Bochs emulation software, 46
bounds of network. See determining network bounds
broadcasts
  beacon, increasing intervals, 175
  SSID, disabling, 13, 129
BSD-Airtools wardriving software, 173
BSS (Basic Service Set) configuration, 179
BSSID (Basic SSID), 132. See also MAC (media-access control) addresses
• C •
cables, 304
Cain & Abel password recovery tool, 120–124
candy security, 68
cantennae, 60, 62
Capsa packet analyzer, 119
caret-M (^M) character ending text files, 49
Casio MIPS PDA, 44
CD distributions of Linux, 55–56
CENiffer packet analyzer, 119
CERT (Computer Emergency Response Team), 27
certifications, 327
Chappell, Laura (troubleshooting book author), 130
Chase, Kate (Norton All-in-One Desk Reference For Dummies), 46